Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

• Analysis suggests the Kaseya REvil incident was actually a bit of a fizzer
• They also obtained a decrypt key and no one knows how
• EU to follow US Treasury on Bitcoin controls
• Israeli Government has eyes on NSO fallout
• PetitPotam Active Directory technique is very bad news
• Much, much more…

This week’s show is brought to you by Remediant. Remediant makes a PAM solution that’s, well, quite different from the traditional password-vault style solutions. That’s put them in an interesting situation lately with Gartner. Remediant scored an honourable mention as a PAM to take note of, alongside Microsoft, but the thing is they don’t even qualify as a PAM vendor under Gartner’s own criteria. This might mean the analyst firms need to re-jig the way they evaluate and rank tech given there are so many more ways to skin cats these days. Remediant co-founder Paul Lanzi will join me in this week’s sponsor slot to talk through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident Kaseya says it didn't pay ransomware gang for decryption key after hacks affected hundreds Kaseya obtains universal decryptor for REvil ransomware victims Joe Tidy on Twitter: "The impact of the South African port cyber attack is getting worse. The Road Freight Association (RFA) said it was “dismayed and gravely concerned” about the cyber-attack on Durban Port. https://t.co/iT1WAP165Z https://t.co/ipssCVfSIo" / Twitter Port cyber attack: Now Road freighters concerned about goods Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy FBI tracking more than 100 active ransomware groups New Haron ransomware gang emerges, borrows from Avaddon and Thanos - The Record by Recorded Future BlackMatter ransomware targets companies with revenue of $100 million and more - The Record by Recorded Future Spammer floods the Babuk ransomware gang's forum with gay porn GIFs - The Record by Recorded Future No More Ransom celebrates success in helping 600k people recover from ransomware attacks | The Daily Swig Justice Department officials urge Congress to pass ransomware notification law New EU legislation to ban anonymous cryptocurrency wallets, transfers - The Record by Recorded Future Government said to form team to deal with fallout of NSO spyware revelations | The Times of Israel ‘If You’re Not A Criminal, Don’t Be Afraid’—NSO CEO On ‘Insane’ Hacking Allegations Facing $1 Billion Spyware Business NSO Group CEO Claims BDS Is Probably Behind Damning Investigation New PetitPotam attack forces Windows servers to authenticate with an attacker - The Record by Recorded Future HD Moore on Twitter: "It is wild to see *unauthenticated* RCE via NTLM relay attacks, again, in 2021: https://t.co/CiS4bKH8oV (decades since smbrelay / karma / karmetasploit PoCs)" / Twitter KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) A Controversial Tool Calls Out Thousands of Hackable Websites | WIRED IDEMIA fixes vulnerability that can allow threat actors to open doors remotely - The Record by Recorded Future PlugwalkJoe Does the Perp Walk – Krebs on Security UK man arrested in Spain for role in Twitter 2020 hack - The Record by Recorded Future Praying Mantis APT targets IIS servers with ASP.NET exploits - The Record by Recorded Future Botnet operator who proxied traffic for other cybercrime groups pleads guilty - The Record by Recorded Future Chinese hacking group APT31 uses mesh of home routers to disguise attacks - The Record by Recorded Future VPN servers seized by Ukrainian authorities weren’t encrypted | Ars Technica Accused CIA leaker Joshua Schulte allowed to represent himself at next Vault 7 trial Seriously Risky Business